The Swym Platform is fully GDPR Compliant, ensuring that consumers' data rights are respected and supported. We help merchants like you maintain compliance by facilitating the exercise of these crucial rights for your customers.
Under GDPR, your customers in the EU have the following key rights concerning their personal data:
Right of Access: Customers can request to know what personal data of theirs is stored within our system.
Right to be Forgotten (Erasure): Customers can request the complete removal of all their personal data from our system.
Right of Portability: Customers can request their personal data to be provided in a machine-readable format, enabling them to transfer it to another organization.
Right to Object: Customers can refuse or withdraw consent for the processing of their personal data.
Right to Rectify: Customers can request corrections to any inaccurate personal data stored in our system.
Managing Customer Data Requests
To facilitate these rights for your customers, we provide you with direct tools in your Swym Admin:
Access, Download, and Delete Data: For requests related to the Right of Access, Right to be Forgotten, and Right of Portability, you can easily view, download (as a CSV file), or delete a customer's data directly from your Swym Admin. Simply provide the customer's email address, which serves as our primary identifier for user data.
Please note that for data deletion requests, all associated user data will be permanently erased from the Swym system within 30 days. We maintain an audit trail of all such removal requests for record-keeping purposes, which includes details of the original request.
Object and Rectify Data: For requests pertaining to the Right to Object or Right to Rectify data, please contact our support team. You can initiate a request with us to either remove specific data points or update inaccurate information on behalf of your customer.
Swym Data Erasure and Anonymization Protocol
In compliance with the GDPR Right to Erasure, CCPA/CPRA Right to Delete, and adherence to Shopify's Data Protection Guidelines, Swym shall honor any verified data erasure request from an end-user (shopper/data subject).
Swym will process the erasure and anonymization of all associated Personally Identifiable Information (PII) within 30 calendar days from the date the request is verified.
This procedure ensures the user's PII is permanently "forgotten" through a combination of mandatory steps:
Secure Data Removal: This involves the permanent and irrecoverable deletion of all directly identifiable Personally Identifiable Information (PII) from all active systems. Furthermore, where data is disclosed in response to a Data Subject Access Request, PII belonging to unrelated third parties will be permanently redacted (masked or removed) to protect their privacy rights.
Anonymization: Any remaining associated relational data (e.g., Wishlist contents, engagement metrics) will be transformed using industry-standard security techniques, rendering it entirely anonymous and untraceable to the individual.
Note on Finality:
This process is final and irreversible. All user-associated data, once processed, is not recoverable. Any subsequent engagement with Swym products by the shopper will be processed as a new, unlinked user session, with no connection to any previous identity or historical data.
CCPA Data Deletion Requests
If you receive a data deletion request under the CCPA (California Consumer Privacy Act), the process is covered by the Swym Data Erasure and Anonymization Protocol above. Please reach out to us with the associated email address of the data you wish to have deleted.
Your Personal Data Retention
Regarding the retention of your personal data (as a merchant), we will retain it for as long as necessary to fulfill the purpose for which it was collected. This includes scenarios such as fulfilling a contract, serving our or a third party’s legitimate interests, or based on your consent. Unless you request earlier deletion, we may hold your personal data for 365 days after you stop using our Services.
Frequently Asked Questions
Question: How quickly is the customer's data deleted?
Answer: In compliance with regulatory standards, Swym commits to processing the complete erasure and anonymization of all associated data within 30 calendar days from the time you submit the verified request in your Swym Admin.
Question: Is a data deletion request reversible? Can the customer recover their Wishlist?
Answer: No, the process is final and irreversible. Once the deletion and anonymization protocol is complete, the user's data is permanently destroyed and cannot be recovered. Any future interaction will treat the shopper as a new, unlinked user.
Question: What is the difference between "Secure Data Removal" and "Anonymization"?
Answer: Secure Data Removal is the complete and permanent erasure of directly identifiable PII (like the email address). Anonymization is the transformation of remaining historical data (like a Wishlist item ID) using secure techniques, making it fully untraceable to the original individual while still allowing for aggregated reporting.
Question: When would data be "redacted" instead of fully deleted?
Answer: Redaction is a security measure used when fulfilling a Right of Access request. If the data we provide contains PII belonging to a third party (e.g., another person's email in a log), that third-party data is permanently masked (redacted) to protect their privacy rights.
Need further assistance?
You can always reach out to us at [email protected].
If you're already on our messenger, simply say "talk to an agent," and Fin will connect you with a member of our team who can provide further assistance.